Wireshark mailing list archives

Decrypting a PCAP of DES 64 Encrypted Telnet Traffic


From: "joseph () whyjoseph com" <joseph () whyjoseph com>
Date: Tue, 24 Apr 2012 17:19:05 -0500 (CDT)

I am trying my hand at the latest HoneyNet Challenge:
http://www.honeynet.org/node/829
It requires an analysis of a PCAP file.  The traffic appears to be telnet,
but encrypted using DES.
I am assuming based on my searching so far using this RFC Draft:
http://tools.ietf.org/html/draft-tso-telnet-enc-des-cfb-03

It reads in the draft that the IV is sent in the clear. Looking into the
PCAP, I do not see the actual command mentioned in the RFC, "CFB64_IV".

So I am wondering if Wireshark has a way for me to extract that IV and use
it to decrypt the remaining traffic via a replay. Any feedback is
appreciated.
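
An added example, not part of the original post: a Python scan of a reassembled Telnet TCP payload for the ENCRYPT subnegotiation that carries the CFB64 IV, using the option and suboption codes from RFC 2946 and RFC 2952. The function names and the sample bytes are constructed for illustration.

```python
# Added example: find Telnet ENCRYPT subnegotiations that carry a CFB64 IV.
# Codes are from RFC 2946 (ENCRYPT option) and RFC 2952 (DES 64-bit CFB).
IAC, SB, SE = 0xFF, 0xFA, 0xF0
ENCRYPT = 38                        # Telnet option number
ENC_CMDS = {0: "IS", 2: "REPLY"}    # commands followed by type-specific data
DES_CFB64 = 1                       # encryption type
CFB64_SUB = {1: "CFB64_IV", 2: "CFB64_IV_OK", 3: "CFB64_IV_BAD"}

# Constructed sample (not from the challenge PCAP); both directions are
# concatenated for brevity. The IV contains 0xFF, doubled on the wire.
SAMPLE = bytes.fromhex(
    "fffd26"                                # IAC DO ENCRYPT
    "fffa260101fff0"                        # SB ENCRYPT SUPPORT DES_CFB64 SE
    "fffa26000101" "012345ffff89abcdef" "fff0"  # IS DES_CFB64 CFB64_IV <iv>
    "fffa26020102fff0")                     # REPLY DES_CFB64 CFB64_IV_OK


def subnegotiations(stream: bytes):
    """Yield the unescaped body of each IAC SB ... IAC SE sequence."""
    i, body = 0, None
    while i < len(stream):
        if stream[i] == IAC and i + 1 < len(stream):
            nxt = stream[i + 1]
            if nxt == IAC and body is not None:
                body.append(IAC)            # IAC IAC is a literal 0xFF byte
            elif nxt == SB:
                body = bytearray()          # start collecting a suboption
            elif nxt == SE and body is not None:
                yield bytes(body)
                body = None
            i += 2
            continue
        if body is not None:
            body.append(stream[i])
        i += 1


def find_cfb64_messages(stream: bytes):
    """Return (command, suboption, payload) for DES_CFB64 ENCRYPT messages."""
    found = []
    for body in subnegotiations(stream):
        if (len(body) >= 4 and body[0] == ENCRYPT and body[1] in ENC_CMDS
                and body[2] == DES_CFB64 and body[3] in CFB64_SUB):
            found.append((ENC_CMDS[body[1]], CFB64_SUB[body[3]], body[4:]))
    return found
```

Bytes that follow an ENCRYPT START command are ciphertext, so any match past that point in a stream may be coincidental.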

